California Attorney General Kamala Harris failed in her first attempt to sue a company for failing to post a privacy policy on a mobile app.

Harris alleged that Delta Airlines violated the California Online Privacy Protection Act (“CalOPPA”) by failing to include a privacy policy on its mobile app. The lawsuit, in the California Superior Court in San Francisco, was the first enforcement action under CalOPPA since it came into force in 2004. 

On Thursday, the district court granted Delta’s motion to dismiss the complaint, concluding that the Airline Deregulation Act (ADA) pre-empts the state’s claims. The ADA provides that “a State….may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier.” Courts have construed the scope of preemption by the ADA broadly, and the majority of courts which have considered the issue have held that the ADA preempts the application of state consumer protection laws to airlines. See Morales v. Trans World Airlines, 504 U.S. 374 (1992). The judge decided that the operation of a mobile app for air travel services is “related to price, route or service of an air carrier” and thus agreed with Delta’s argument that the California AG’s claim is pre-empted.

This will be a relief for the already heavily regulated airline industry. Airlines already look to State law for examples of best practices, but managing to the ever evolving and often conflicting State laws on privacy as well as the DOT’s regulations (not forgetting the data requirements of the FAA, TSA, CBP and foreign governments) would have been a double burden. This case appears to confirm that the DOT, not the States, regulates privacy practices by airlines.

Harris has stated that she plans to police mobile app privacy using CalOPPA. Her office released a set of best practices for mobile app privacy policies in January, a month before the Federal Trade Commission released its own mobile app guidelines. But considering federal regulators’ interest in the issue, it is debatable whether, like the Delta case, such matters are better left for enforcement at the Federal level.

Delta added a prominent link to its privacy policy on the home screen of the Fly Delta App not long after the filing of the suit and has had a public privacy policy on its main Web site all along.

 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Nigel Howard Nigel Howard

Nigel Howard’s practice focuses on technology, outsourcing, and intellectual property issues. He represents clients in complex technology transactions, including outsourcing, licensing, corporate partnering, and strategic alliance transactions. Mr. Howard also has experience representing clients during IP property purchases and sales, and in reviews…

Nigel Howard’s practice focuses on technology, outsourcing, and intellectual property issues. He represents clients in complex technology transactions, including outsourcing, licensing, corporate partnering, and strategic alliance transactions. Mr. Howard also has experience representing clients during IP property purchases and sales, and in reviews of IP portfolios in relation to corporate financing and merger and acquisition transactions. His experience includes cross-border technology transfers, development and testing arrangements, distribution channels, technology deployment, and electronic commerce as well as privacy laws with regard to electronic databases and online services.